← Back

CVE-2013-6920

nvd nist
Published: Dec 7, 2013Modified: Apr 29, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.

Affected (14)

Siemens
14 products
Sinamics S/g Family Firmware
Sinamics G110
Sinamics G110d
Sinamics G120
Sinamics G120c
Sinamics G120d
Sinamics G120p
Sinamics G130
Sinamics G150
Sinamics G180
Sinamics S110
Sinamics S120
Sinamics S120cm
Sinamics S150
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Sinamics S/g Family Firmware
Up to 4.6
Sinamics G110
All versions
Sinamics G110d
All versions
Sinamics G120
All versions
Sinamics G120c
All versions
Sinamics G120d
All versions
Sinamics G120p
All versions
Sinamics G130
All versions
Sinamics G150
All versions
Sinamics G180
All versions
Sinamics S110
All versions
Sinamics S120
All versions
Sinamics S120cm
All versions
Sinamics S150
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

Source: cve@mitre.org
US Government Resource
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.